Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

Apple Mail and the Bounce feature

Apple Mail and the Bounce feature

  • Comments 3

The other day, I was talking with a friend of mine who owns a Mac and how he finds the Bounce feature of Apple mail very useful.  "Bounce feature?" I asked.  "Is that what I think it is?"

I don't use Apple Mail anymore.  I do have a Mac but I use it mostly (though not exclusively) for video editing -- you can't beat Final Cut Express, I tell you what.  Anyhow, I went and looked up this Bounce feature and here is what I found:


The "Bounce" Feature

Apple Mail comes with a smart feature to actively fight spam: the Bounce feature. To really understand its principle, some side information is perhaps necessary.

A mail server can handle emails sent to a non-existent user in two ways:
One way (not recommended) is to set a "catch-all" email address, usually "postmaster@domain.com". Any undeliverable email received by the mail server will go to the Postmaster account, which is usually monitored by the system administrator.

The other way (preferred) is to bounce emails back to the sender, (whether it is a legitimate sender or not.) In some cases, spam is sent by a monitored (real) email address. If the spammer notices or thinks that the email account is not active, it will remove it from its spam list.

Apple Mail can emulate the behavior of a bounced back email: to bounce back an email to its sender, control-click/right-click on the junk email, and choose "Bounce". The sender's mail server will receive -and relay- an undeliverable failure notice.


While the writer of this article is correct in that the preferred way is to send bounce mails back to the sender, it is not complete.  The preferred way is send bounce mails during the SMTP conversation.  What the article is basically saying, indeed, the feature that Apple Mail has apparently built into their product, is going to ultimately contribute to the problem of backscatter.

By the time this email has reached your inbox, the SMTP conversation is already over.  You have already accepted the email.  By bouncing the message, you are doing the classic accept... then bounce behavior which is why backscatter is such a pain.  If you do bounce the message, then you need to make sure that the sender of the message actually did send it.  If the message is spam -- and this article says that the feature is used to actively fight spam -- then the sender is probably forged.  By bouncing the message back to the sender, you are sending them a spam message that they didn't actually send.

So, the advice that this article gives is actually the opposite; instead of fighting spam, if you use this feature, you're quite likely to end up contributing to it.

Leave a Comment
  • Please add 1 and 1 and type the answer here:
  • Post
Page 1 of 1 (3 items)